package com.qf.realm;

import com.qf.dao.SysMenuDao;
import com.qf.dao.SysRoleDao;
import com.qf.dao.SysUsersDao;
import com.qf.pojo.SysMenu;
import com.qf.pojo.SysUsers;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Set;

/**
 * 自定义Realm 实现接收用户名密码  并查询Mysql数据库中的用户名及密码进行校验
 * <p>
 * Shiro：二大功能： 认证   授权
 * <p>
 * AuthorizingRealm:授权 + 认证
 * <p>
 * AuthenticatingRealm:认证
 *
 * @author lixu
 */
public class MyUserRealm extends AuthorizingRealm {

    @Autowired
    private SysUsersDao sysUsersDao;
    @Autowired
    private SysRoleDao sysRoleDao;
    @Autowired
    private SysMenuDao sysMenuDao;

    /**
     * 授权方法
     *
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        //1：获取用户信息对象
        SysUsers sysUsers = (SysUsers) principals.getPrimaryPrincipal();

        //2:根据用户信息查询对应的角色集合
        Set<String> roles = sysRoleDao.findRolesByUid(sysUsers.getId());

        //3:根据用户信息查询对应的权限集合
        Set<String> stringPermissions = sysMenuDao.findPermsByUid(sysUsers.getId());

        //授权信息对象
        SimpleAuthorizationInfo authorizationInfo =
                new SimpleAuthorizationInfo();
        //追加角色
        authorizationInfo.addRoles(roles);
        //追加权限
        authorizationInfo.addStringPermissions(stringPermissions);
        return authorizationInfo;
    }

    /**
     * 认证方法
     *
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        //1:用户名
        String username = usernamePasswordToken.getUsername();
        //String username = (String) token.getPrincipal();
        //2:密码（加密后）
        String password = new String(usernamePasswordToken.getPassword());
        //char[] password = (char[]) token.getCredentials();

        //3:查询DB中用户信息
        SysUsers sysUsers = sysUsersDao.findSysUserByUsername(username);
        if (null == sysUsers) {
            throw new UnknownAccountException("用户名不存在");
        }
        //4：校验密码是否正确
        if (!password.equals(sysUsers.getPassword())) {
            throw new IncorrectCredentialsException("密码不正确");
        }
        //5:校验用户当前状态
        if (1 != sysUsers.getStatus()) {
            throw new LockedAccountException("当前帐户被锁定");
        }
        //.....................
        AuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(sysUsers, password, this.getName());
        return authenticationInfo;
    }
}
